Obtaining Certificates Automatically Using SCEP

Setting Default AWI OSD Management Console
SCEP Server URL
Challenge Password
CA Issuer Identifier
Root CA
Client Certificate
Request Certificates (a button)
Status

You can simplify the retrieval and installation of digital certificates by enabling devices to obtain certificates automatically from a Simple Certificate Enrollment Protocol (SCEP) server.

The Tera2 PCoIP Zero Client generates its own 2048-bit SCEP RSA private key

When a Tera2 PCoIP Zero Client boots up, the device generates its own 2048-bit SCEP RSA private key. This key is used to construct a PKCS#10-formatted certificate request, which is then delivered to the SCEP server.

SCEP certificate naming conventions
SCEP certificates are configured with the requested certificate Subject as the PCoIP Device Name and the Subject Alternative as the device MAC address (all in lower case and with no dashes). This naming convention is not configurable.

SCEP scenarios and tested SCEP server setups

For information on the best SCEP scenarios and tested SCEP server setups, see What are the best scenarios and setups Teradici uses to test its implementation of SCEP? (KB 1366).

Alt text
SD SCEP page

Alt text
AWI SCEP page

The following settings display on the OSD and AWI SCEP pages:

SCEP Parameters

Parameter Description
SCEP Server URL Enter the URL for the SCEP server that is configured to issue certificates for the device.
Challenge Password Enter the password to present to the SCEP server.
Root CA Displays the name of the root CA certificate that has been installed in the device.
Client Certificate Displays the name of the client certificate that has been installed in the device.
Request Certificates After entering the SCEP server address and password, click this button to retrieve certificates.
Status Displays the status of the request (for example, in progress, successful, failed).

To obtain certificates automatically from a SCEP server:

  1. Open the SCEP page:
    • From the OSD, select Options > Configuration > SCEP.
    • From the AWI, select Configuration > SCEP.
  2. Enter the URL and password for the SCEP server.
  3. To retrieve the certificate, click Request Certificates. The Root CA and 802.1x certificates display after these certificates are installed.
  4. To save your updates, click OK from the OSD, or click Apply from the AWI. The Status section displays the status of the request (for example, in progress, successful, or failed).